Unrated severityNVD Advisory· Published Mar 16, 2010· Updated Apr 29, 2026

CVE-2010-0971

Description

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information.

Affected products

Atutor/Atutor
cpe:2.3:a:atutor:atutor:1.6.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.org/1003-exploits/atutor-xss.txtnvdExploit
www.exploit-db.com/exploits/11685nvdExploit
secunia.com/advisories/38906nvdVendor Advisory
osvdb.org/62904nvd
osvdb.org/62905nvd
osvdb.org/62906nvd
www.securityfocus.com/bid/38656nvd
exchange.xforce.ibmcloud.com/vulnerabilities/56852nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000